Re: [Proftpd-user] TCP Window dropping to zero during upload
2012-01-03 10:01:30 GMT
Hi,
I did not have any answer to my questions but I figured out what causes my problem.
An F5 BigIP happens to be on the way before the FTP server and it cuts ANY TCP connection that exceeds 1200 seconds without activity. Without it, the TCP connection would stop at 7200 seconds I believe.
This means that it cuts the control connection. But why does proftpd drop its TCP window when the control connection is closed? (in this case it is closed by an RST packet)
Is this by design?
I didn't see anything about that in RFC959. :(
I can't modify the 1200 seconds of TCP timeout so is there any way to prevent proftpd from closing its window when the control connection is lost?
I'll try vsftpd too to see if it is acting the same way.
Thanks in advance.
Regards,
Pierre
Just to add a comment, I noticed, in the latest test I ran, that the client (curl) is closing the connection on port 21 at 1206 seconds and 6 ACKs after that, the server is starting to decrease its TCP window.
Could it be related?
Thanks in advance,
Pierre
--
On Fri, Dec 30, 2011 at 2:06 PM, Pierre Gaxatte <pierre.gaxatte <at> gmail.com> wrote:
Hi,
I am having a weird problem with proftpd (version 1.3.1 from debian lenny and version 1.3.3 from squeeze, both on 64-bit systems) when I try to upload a big file.
The upload lasts around 1200 seconds (20 minutes) and I can see in the resulting pcap capture that the TCP window is dropping to zero in a few packets at that point in time.
Then the client sends keep alive packets until it reaches its timeout.
Do you have any clue of what is going on?
The server's configuration:
ServerName "Precom FTP"
ServerType standalone
ServerIdent on "FTP Server"
DeferWelcome on
DefaultServer on
DisplayLogin .welcome # Textfile to display on login
DisplayConnect .connect # Textfile to display on connection
UseReverseDNS off
IdentLookups off
Port 21
Umask 022
MaxInstances 30
MaxClientsPerHost 5 "Only %m connections per host allowed"
MaxClients 15 "Only %m total simultanious logins allowed"
MaxHostsPerUser 10
User proftpd
Group nogroup
Include /etc/proftpd/modules.conf
DefaultRoot ~
AllowOverwrite on
HiddenStores on
DeleteAbortedStores on
ScoreboardFile /data/logs/proftpd/scoreboard
TimeoutNoTransfer 60
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"
TransferLog /data/logs/proftpd/proftpd.xferlog
ExtendedLog /data/logs/proftpd/proftpd.access_log WRITE,READ write
ExtendedLog /data/logs/proftpd/proftpd.auth_log AUTH auth
ExtendedLog /data/logs/proftpd/proftpd.paranoid_log ALL default
AuthOrder mod_sql.c
SQLAuthTypes Backend
SQLConnectInfo xxxxxx
SQLUserInfo usertable userid passwd uid gid homedir shell
SQLGroupInfo grouptable groupname gid members
SQLUserWhereClause "disabled=0 and (NOW()<=expiration or expiration=-1 or expiration=0)"
SQLLogFile /data/logs/proftpd/proftpd.mysql
SQLLog PASS counter
SQLNamedQuery counter UPDATE "lastlogin=now(), count=count+1 WHERE userid='%u'" usertable
SQLLog EXIT time_logout
SQLNamedQuery time_logout UPDATE "lastlogout=now() WHERE userid='%u'" usertable
SQLNamedQuery login_time SELECT "lastlogin from usertable where userid='%u'"
SQLLog RETR,STOR transfer1
SQLNamedQuery transfer1 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T', now(), 'c', NULL" xfer_stat
SQLLOG ERR_RETR,ERR_STOR transfer2
SQLNamedQuery transfer2 INSERT "'%u', '%f', '%b', '%h', '%a', '%m', '%T', now(), 'i', NULL" xfer_stat
AllowStoreRestart off
AllowRetrieveRestart on
RequireValidShell off
PathDenyFilter "(\\.ftp)|(\\.ht)[a-z]+$"
DefaultRoot ~
DenyFilter \*.*/
UseSendfile off
PassivePorts 60000 65535 # These ports should be safe...
DeleteAbortedStores o
The logs don't show anything particular...
Also, it might be interesting, some kernel variables:
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_retrans_collapse = 1
net.ipv4.tcp_syn_retries = 5
net.ipv4.tcp_synack_retries = 5
net.ipv4.tcp_max_orphans = 65536
net.ipv4.tcp_max_tw_buckets = 180000
net.ipv4.tcp_keepalive_time = 3600
net.ipv4.tcp_keepalive_probes = 9
net.ipv4.tcp_keepalive_intvl = 75
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15
net.ipv4.tcp_fin_timeout = 25
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_abort_on_overflow = 0
net.ipv4.tcp_stdurg = 0
net.ipv4.tcp_rfc1337 = 0
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_orphan_retries = 0
net.ipv4.tcp_fack = 1
net.ipv4.tcp_reordering = 3
net.ipv4.tcp_ecn = 0
net.ipv4.tcp_dsack = 1
net.ipv4.tcp_mem = 380544 507392 761088
net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_app_win = 31
net.ipv4.tcp_adv_win_scale = 2
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_frto = 2
net.ipv4.tcp_frto_response = 0
net.ipv4.tcp_low_latency = 0
net.ipv4.tcp_no_metrics_save = 0
net.ipv4.tcp_moderate_rcvbuf = 1
net.ipv4.tcp_tso_win_divisor = 3
net.ipv4.tcp_congestion_control = cubic
net.ipv4.tcp_abc = 0
net.ipv4.tcp_mtu_probing = 0
net.ipv4.tcp_base_mss = 512
net.ipv4.tcp_workaround_signed_windows = 0
net.ipv4.tcp_dma_copybreak = 4096
net.ipv4.tcp_slow_start_after_idle = 1
net.ipv4.tcp_available_congestion_control = cubic reno
net.ipv4.tcp_allowed_congestion_control = cubic reno
net.ipv4.tcp_max_ssthresh = 0
Thanks in advance!
Regards,
--
Pierre Gaxatte
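
An added example, not part of the original thread: it checks the keepalive sysctls posted above against the 1200-second idle cut-off described in the reply, and sets per-socket keepalive options so that a first probe is sent before that cut-off. The function names are hypothetical, the per-socket options are Linux-specific, and it is an assumption that the middlebox counts keepalive probes as activity; probes are only sent on sockets that have SO_KEEPALIVE enabled.

```python
import socket

IDLE_CUTOFF = 1200  # seconds; the idle limit reported in the thread

# Keepalive values copied from the sysctl listing in the thread.
SYSCTL_TEXT = """\
net.ipv4.tcp_keepalive_time = 3600
net.ipv4.tcp_keepalive_probes = 9
net.ipv4.tcp_keepalive_intvl = 75
"""

def parse_keepalive(text):
    """Return {'time', 'probes', 'intvl'} from `sysctl -a` style lines."""
    out = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        key = key.strip()
        if sep and key.startswith("net.ipv4.tcp_keepalive_"):
            out[key.rsplit("_", 1)[1]] = int(value)
    return out

def assess(ka, cutoff=IDLE_CUTOFF):
    """Compare system-wide keepalive timing with a middlebox idle cut-off."""
    first_probe = ka["time"]  # idle seconds before the first probe
    dead_after = ka["time"] + ka["probes"] * ka["intvl"]  # peer declared dead
    return {"first_probe": first_probe, "dead_after": dead_after,
            "probe_before_cutoff": first_probe < cutoff}

def enable_keepalive(sock, cutoff=IDLE_CUTOFF, intvl=75, probes=9):
    """Per-socket override (Linux): first probe at half the cut-off."""
    idle = cutoff // 2
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, idle)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, intvl)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, probes)
    return idle

if __name__ == "__main__":
    ka = parse_keepalive(SYSCTL_TEXT)
    print(assess(ka))
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        print("per-socket idle:", enable_keepalive(s))
```

With the posted values the first system-wide probe would go out after 3600 idle seconds, well past the 1200-second cut-off, which is why a per-socket idle value below the cut-off is what the last function sets.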